Unfortunatly, what your looking for may not be possible. The problem is, it's really trivial for a browser to fake information like that, you'd be diving head first into a security nightmare.

There may be a way around that though, but it might cost a few dollars. In the same way that a web server needs a digital certificate in order to do secure transactions, browsers can be given certificates too, in order to verify a person's identity. You'd have to go through a company like Verisign to do that, and you might end up spending $50 a user or so. On the server end, you could have some code to check the certificate the browser is presenting you with. If you recognize the certificate, you could authenticate them.

Thats about the only way you can verify a users identity, without asking for a password. And then, that only works so long as the user doesn't have their certificate stolen ;-)

Hope that helps!
-Eric

-- Lucy: "What happens if you practice the piano for 20 years and then end up not being rich and famous?"Schroeder: "The joy is in the playing."